From: Tim Kientzle <kientzle@freebsd.org>
To: Sean McNeil
cc: Giorgos Keramidas, freebsd-current@freebsd.org
Subject: Re: bsdtar core dumps
Date: Sat, 21 Aug 2004 10:19:25 -0700
Message-ID: <4127841D.6050104@freebsd.org>
In-Reply-To: <1092951447.1167.12.camel@server.mcneil.com>
References: <1092777586.92327.9.camel@server.mcneil.com> <20040817213813.GE3827@gothmog.gr> <1092951447.1167.12.camel@server.mcneil.com>
List-Id: Discussions about the use of FreeBSD-current
Sean McNeil wrote:
>>> I just tried to unarchive a file that didn't exist and got a core dump:
>
> Here is a backtrace of the error:
>
> #0  0x0000000200926d7e in __vfprintf (fp=0x7fffffffe360,
>     fmt0=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
>     at /usr/src/lib/libc/stdio/vfprintf.c:1052
> #1  0x00000002008c4006 in vsnprintf (str=0x32, n=4284889,
>     fmt=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
>     at /usr/src/lib/libc/stdio/vsnprintf.c:75
> #2  0x0000000000411478 in __archive_string_vsprintf (as=0x520240,
>     fmt=0x4161d9 "Failed to open '%s'", ap=0x7fffffffe640)
>     at /usr/src/lib/libarchive/archive_string_sprintf.c:60
>
> Could be a compiler bug I suppose, but more likely I think it is this
> code:
>
>         if (n == 0) {
>                 if (on > 0)
>                         *str = '\0';
>                 str = dummy;
>                 n = 1;
>         }
>
> in vsnprintf.c::vsnprintf.

The code you've pointed to above concerns me because of the part about:

        if (n == 0) {
                ...
                n = 1;
        }

That ain't right: If I told vsnprintf the buffer size was zero, it should
treat it as such. If I meant "one", I would have said "one."

On the other hand, the vsnprintf.3 man page does explicitly state that
"the output is always null-terminated," which would preclude passing a
zero-length buffer, which is exactly what libarchive is doing in this
situation. It is bogus, but at least it's documented bogosity. ;-)

Please try the attached patch to libarchive/archive_string_sprintf.c and
let me know if it works for you. It simply forces the target buffer to be
allocated and thereby avoids calling vsnprintf with a NULL buffer.

Tim Kientzle

[Attachment: archive_string_sprintf.c.diff]

Index: archive_string_sprintf.c =================================================================== RCS file: /home/ncvs/src/lib/libarchive/archive_string_sprintf.c,v retrieving revision 1.4 diff -u -r1.4 archive_string_sprintf.c --- archive_string_sprintf.c 14 Aug 2004 03:45:45 -0000 1.4 +++ archive_string_sprintf.c 21 Aug 2004 17:02:49 -0000 @@ -48,6 +48,9 @@ { size_t l; + /* Make sure the target area is initialized. */ + __archive_string_ensure(as, 64); + if (fmt == NULL) { as->s[0] = 0; return;
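Review bot: the result of the added `__archive_string_ensure(as, 64)` call is never checked before the unchanged `as->s[0] = 0;` dereferences `as->s`, so if ensure can fail to allocate (its return type is not visible in this hunk) the function should return before touching `as->s` rather than trade the reported NULL-buffer crash for another one. The bare `64` also deserves a word in the comment: it is only an initial size that guarantees a non-NULL, non-zero-length buffer for vsnprintf, and the rest of the function (outside the hunk) is still responsible for growing the string when the formatted message is longer than that.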
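The failure discussed in this thread, as an added illustration that is not part of the message above and not libarchive's code: a minimal growable string whose formatter never hands vsnprintf a NULL or zero-length buffer. Every name here (struct gstring, gstring_ensure, gstring_vsprintf, gstring_sprintf, the demo_* helpers) is a hypothetical stand-in for libarchive's archive_string API, whose internals are not shown on the page. It also goes one step beyond the patch's fixed 64-byte minimum: it measures the output with a zero-size vsnprintf call (which C99 permits) and grows the buffer to fit, so messages longer than 64 bytes are handled as well.

```c
/* Added example, not libarchive's code: a growable string whose
 * vsprintf never hands vsnprintf a NULL or zero-length buffer.
 * All names below (gstring, gstring_ensure, gstring_vsprintf, demo_*)
 * are hypothetical stand-ins for libarchive's archive_string API. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GSTRING_MIN_CAPACITY 64   /* same initial size the patch asks for */

struct gstring {
    char *s;          /* NULL until the first gstring_ensure() */
    size_t length;    /* bytes in use, not counting the terminating NUL */
    size_t capacity;  /* bytes allocated, including room for the NUL */
};

/* Guarantee at least `want` bytes (NUL included). Returns 0 or -1. */
static int gstring_ensure(struct gstring *gs, size_t want)
{
    if (gs->s != NULL && gs->capacity >= want)
        return 0;
    size_t cap = gs->capacity ? gs->capacity : GSTRING_MIN_CAPACITY;
    while (cap < want)
        cap *= 2;
    char *p = realloc(gs->s, cap);
    if (p == NULL)
        return -1;                /* caller must not touch gs->s on failure */
    if (gs->s == NULL)
        p[0] = '\0';              /* a fresh buffer starts as the empty string */
    gs->s = p;
    gs->capacity = cap;
    return 0;
}

/* Replace gs's contents with the formatted text. Returns 0 or -1. */
static int gstring_vsprintf(struct gstring *gs, const char *fmt, va_list ap)
{
    /* Initialize the target area first, so even the fmt == NULL path
     * below never dereferences a NULL gs->s. */
    if (gstring_ensure(gs, GSTRING_MIN_CAPACITY) != 0)
        return -1;
    if (fmt == NULL) {
        gs->s[0] = '\0';
        gs->length = 0;
        return 0;
    }
    /* Measure with a zero-size call (C99 returns the full length),
     * then grow so the real call always has room for the whole message. */
    va_list ap2;
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    if (need < 0 || gstring_ensure(gs, (size_t)need + 1) != 0)
        return -1;
    int n = vsnprintf(gs->s, gs->capacity, fmt, ap);
    if (n < 0)
        return -1;
    gs->length = (size_t)n;
    return 0;
}

static int gstring_sprintf(struct gstring *gs, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = gstring_vsprintf(gs, fmt, ap);
    va_end(ap);
    return rc;
}

/* Format the message from the backtrace into a brand-new (zero-capacity)
 * string and report 1 if the result equals `expected`, else 0. */
static int demo_failed_open_message(const char *path, const char *expected)
{
    struct gstring gs = { NULL, 0, 0 };
    int ok = gstring_sprintf(&gs, "Failed to open '%s'", path) == 0
          && strcmp(gs.s, expected) == 0 && gs.length == strlen(expected);
    free(gs.s);
    return ok;
}

/* Length of the message for a constructed path of `n` 'a' characters;
 * n > 46 forces growth past the 64-byte minimum. Returns 0 on failure. */
static size_t demo_grown_length(size_t n)
{
    char *path = malloc(n + 1);
    if (path == NULL)
        return 0;
    memset(path, 'a', n);
    path[n] = '\0';
    struct gstring gs = { NULL, 0, 0 };
    size_t len = gstring_sprintf(&gs, "Failed to open '%s'", path) == 0
               ? gs.length : 0;
    free(gs.s);
    free(path);
    return len;
}

/* A NULL format must yield an allocated, empty string rather than a crash. */
static int demo_null_format(void)
{
    struct gstring gs = { NULL, 0, 0 };
    int ok = gstring_sprintf(&gs, NULL) == 0 && gs.s != NULL
          && gs.length == 0 && gs.s[0] == '\0';
    free(gs.s);
    return ok;
}
```

The point of the two gstring_ensure calls is the ordering: the first one runs before anything reads or writes gs->s, which is exactly what the attached patch adds to libarchive, and the second one sizes the buffer from the measured length so that the final vsnprintf is never called with a buffer that is too small, let alone NULL.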